Cyber War is Part of Real-World Conflicts Today

On August 8, 2008, Nino Doijashvili, CEO of Atlanta-based hosting company Tulip Systems, was paying a visit to her home town of Tbilisi, Georgia, thus putting her at the nexus of the first modern use of cyber attacks in conjunction with an invasion. While Russia amassed a force of 150 tanks on the border of Georgia, while the world was occupied with the Olympics in Beijing, and coincidentally just after NATO decided to postpone voting on admitting Georgia into its alliance, there began a concerted denial of service (DoS) attack against Georgia.

Knowing something about bandwidth and server hosting, Doijashvili offered the services of her hosting facilities to the Georgian government, which agreed. Now attacks targeted against Georgian government websites were finding their way to Atlanta, Georgia in the U.S. I am sure the customers of Tulip Systems did not expect that their hosting provider would embroil them in a shooting war between Eastern European states.

In retrospect, the damage done to innocent bystanders was minimal. But if there is one thing I have found to be true in the universe of cyber threats, it is that paying attention to early harbingers of trouble is the best way to prepare for what eventually becomes the status quo. That said, and based on this example, the new threat to prepare for is a network outage caused by warring nations. Estonia, Lithuania, and Ukraine have all suffered nationwide outages thanks to targeted Russian cyber attacks.

It may or may not come as a surprise that there is yet another threat to your IT infrastructure looming on the horizon. If you are not surprised, it is because you are a veteran IT professional who has seen the escalation of threats from casual hacking all the way through the current chaos of cyber criminals going after credit cards and identities. I am one of those veterans, so I am not surprised. I have been presenting on cyber threats since 1994.

Up until now it has been easy to illustrate why each threat was something the typical IT department should worry about: insider hacking is common, vandalism and hacktivism will evidence themselves on your webpages, and cyber crime gave rise to drive-by downloads, worms and viruses as well as targeted attacks against data stores of banks and retailers.

Yet the mounting evidence that nations are engaging in cyber attacks against each other's data, communications and infrastructure is harder to depict as a threat to the typical IT department. A hospital, insurance firm, or university may claim that they are not targets and that cyber warfare is something only the defense department should be concerned with. They are wrong. There is a real and present danger that real-world shooting skirmishes can boil over into network outages that impact everyone.

Best Practices

Some of the things you should already be doing include: multiple hardened DNS servers on separate netblocks; burstable bandwidth contracts with multiple providers; load-balanced servers; and DoS defense products that can handle large volumes of SYN floods and GET floods.
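The first item on that list is easy to state and easy to get wrong: a zone with four nameservers that all sit in the same /24 shares one fate when that block is flooded. The script below is an added example, not code from the original column; it takes the nameserver hostnames and addresses you would collect with `dig NS` followed by `dig A` for each host (the hostnames and addresses here are constructed), groups them by netblock, and reports whether the zone survives the loss of any single block. Treating a /24 as the unit of shared fate is an assumption; adjust `prefixlen` to match how your provider actually routes.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: nameserver hostnames for a zone and the addresses they
# resolve to. Hostnames and addresses are made up for this example.
SAMPLE_NAMESERVERS = {
    "ns1.example-gov.test": "192.0.2.10",
    "ns2.example-gov.test": "192.0.2.11",    # same /24 as ns1: no real redundancy
    "ns3.example-gov.test": "198.51.100.5",  # separate netblock
    "ns4.example-gov.test": "203.0.113.77",  # separate netblock
}


def group_by_netblock(nameservers, prefixlen=24):
    """Group nameserver hosts by the netblock their address falls in.

    prefixlen approximates 'separate netblocks'. Assumption: a /24 is the
    smallest block routed independently on the public Internet, so servers
    inside the same /24 go down together when that block is saturated.
    """
    groups = defaultdict(list)
    for host, addr in nameservers.items():
        net = ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)
        groups[str(net)].append(host)
    return dict(groups)


def assess_dns_diversity(nameservers, minimum_blocks=2, prefixlen=24):
    """Return (ok, findings).

    ok is True when the zone's servers span at least minimum_blocks distinct
    netblocks. findings lists every block hosting more than one server, since
    those servers add no resilience against a volumetric attack on that block.
    """
    groups = group_by_netblock(nameservers, prefixlen)
    findings = [
        f"{net} hosts {len(hosts)} servers: {', '.join(sorted(hosts))}"
        for net, hosts in sorted(groups.items())
        if len(hosts) > 1
    ]
    return len(groups) >= minimum_blocks, findings


def servers_surviving_outage(nameservers, lost_block):
    """Simulate losing one netblock (e.g. '192.0.2.0/24') and return the
    sorted list of nameservers that remain reachable outside it."""
    lost = ipaddress.ip_network(lost_block)
    return sorted(
        host for host, addr in nameservers.items()
        if ipaddress.ip_address(addr) not in lost
    )


if __name__ == "__main__":
    ok, findings = assess_dns_diversity(SAMPLE_NAMESERVERS)
    print("diverse enough:", ok)
    for line in findings:
        print("shared fate:", line)
    for block in group_by_netblock(SAMPLE_NAMESERVERS):
        print(f"if {block} is flooded, remaining:",
              servers_surviving_outage(SAMPLE_NAMESERVERS, block))
```

Run it against your own zone's records and read the `shared fate` lines first: a finding there means a single flooded block removes more than one server at once, which is exactly the failure the column warns about.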

I also strongly suggest that you look at private networks as a backup to your Internet access. Remember frame relay and ATM? Much of the last decade has seen organizations cut costs by bundling VoIP services, data, and VPN all over the Internet. That may be premature. Think about private circuits between your locations and your major customers/partners. Satellite links between data centers are often installed as a third level of backup connectivity. Think of that for your own networks.

And finally, as crazy as it seems, do you have any modems left? It may be prudent to invest in a bank of digital modems and give some thought to the routing architecture you will have to throw together if the public Internet fails. I remember mixing 11 modems together to support my ISP when our uplink went down in 1994. The Internet will, of course, survive any cyber attack (after all, it was designed to survive a nuclear war), but it could easily suffer very disruptive outages. Mitigate the impact of those outages on your operations by thinking today about tomorrow's newest threat: real war.

Richard Stiennon is a security industry analyst. He writes the security blog for ThreatChaos.com and has re-launched IT-Harvest, an independent analyst firm that researches the 1,200 IT security vendors. Most recently Richard was chief marketing officer for Fortinet, the leading UTM vendor. Prior to Fortinet he was VP of Threat Research at Webroot Software.